All,
I too have a Motorola Surfboard 4200, not sure of revision/firmware
number, but whenever I have www.securityspace.com do a basic scan of
my system, my Motorola modem locks up hard and I have to power cycle it
to get it back. It locks up before my IDS can detect anything so
something is up.
On Wed, 06 Nov 2002 12:55:26 GMT, Gianni Tedesco [EMAIL PROTECTED] said:
FYI: tested on gcc version 2.96 2731 (Red Hat Linux 7.3 2.96-112)
which doesn't seem to do this. What compiler version/flags, if any does
this depend on?
gcc 3 and later (3.2 is current) are well able to do this
At 10:44 AM 2002-11-05 -0800, Michael Howard wrote:
During the Windows Security Push in Feb/Mar 2002, the Microsoft Internet
Explorer team devised a method to reduce the risk of cookie-stealing
attacks via XSS vulnerabilities.
If I understand the XSS vulnerability correctly, it is all based
[EMAIL PROTECTED] writes:
On Tue, 05 Nov 2002 22:38:32 +0100, Florian Weimer [EMAIL PROTECTED]
said:
What about HTTP headers which advise user agents to disable some
features, e.g. read/write access to the document or parts of it via
scripting or other Internet Explorer interfaces?
Is
Hi Adreas
I just read his reply as well and I don't agree with him on some points. Sure
enough there are ways to execute code despite restrictions such as you
mention (not running ActiveX components not marked safe for scripting),
like the http-equiv thingie where you drop a file (which is really my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A working example of the Sandblad advisory #10 is attached and also
available on
http://www.why4.com/hack.html
WeHack4You CyberStalking Consultancy
WWW : http://www.why4.com
E-Mail : [EMAIL PROTECTED]
VoiceFAX : +31 (0)87 190 1989
VoiceFAX : +1
For a small data point regarding the need to (somehow) address XSS
vulnerabilities: according to CVE statistics, XSS issues are the
second most frequently reported vulnerability type this year [1],
behind buffer overflows (though new flavors of overflows help to
maintain that #1 position.) Note:
On Thu, Nov 07, 2002 at 11:50:03PM -0500, Nick Simicich wrote:
At 10:44 AM 2002-11-05 -0800, Michael Howard wrote:
During the Windows Security Push in Feb/Mar 2002, the Microsoft Internet
Explorer team devised a method to reduce the risk of cookie-stealing
attacks via XSS vulnerabilities.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 11.08.02a:
http://www.idefense.com/advisory/11.08.02a.txt
File Disclosure Vulnerability in Simple Web Server
November 8, 2002
I. BACKGROUND
As its name suggests, Peter Sandvik's Simple Web Server is a
Linux-based web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 11.08.02b:
http://www.idefense.com/advisory/11.08.02b.txt
Non-Explicit Path Vulnerability in QNX Neutrino RTOS
November 8, 2002
I. BACKGROUND
QNX Software Systems Ltd.'s Neutrino RTOS (QNX) is a real-time
operating system
Why are people constantly focusing on reverse lookups in this thread? How
does this make sense? How often are reverse lookups really accurate for web
servers?
I think it would be better for this software to keep the list of domains,
and routinely do *forward* lookups, and add the IPs to a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: perl-MailTools
Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: nss_ldap
Advisory ID:
Hi,
Linksys WAP11-V2.2 seems to be vulnerable in a different way. It only
returns AP's name,
SSID and firmware version. Except for firmware version, those are not
private information.
Quickly patched proof of concept :
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include
Florian Weimer wrote:
What about HTTP headers which advise user agents to disable some
features, e.g. read/write access to the document or parts of it via
scripting or other Internet Explorer interfaces?
HTTP headers are arguably the wrong place, but it might make sense to
have a NOSCRIPTS tag
We added a feature kinda like this to IE6, you can mark a FRAME with:
<FRAME SECURITY=RESTRICTED>
<!-- blah blah -->
</FRAME>
And this will force all content into the IE Restricted Zone, which, by
default will not allow much of anything to work.
Cheers, Michael
Secure Windows
There are three different places in the directory index of LiteServe where
unsanitized user input is returned to the browser. The first is yet another
wildcard DNS vulnerability, the second centers around query strings.
Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt
* DNS Wildcard XSS
The Linksys WAP11-V2.2 appears to be at least partially susceptible to
this trick:
$ ./ksn-wap
Type: GL2422AP-00-0M0 T1.0 -02
Announced Name : yyy
Admin Username :
Admin Password :
The 1.09 firmware does not reply with a password but the 1.01c firmware
does. (1.01c is newer
David Endler wrote:
If the attacker's UID is 2, he or she can then launch the attack by
requesting the following URL:
modules.php?name=Your_Accountop=saveuseruid=2bio=%5cEditedMessage=
nopass=xvpass=xnewsletter=,+bio=0,+pass=md5(1)/*
[...]
+--[ bio = '\',
Well, this is
In-Reply-To: [EMAIL PROTECTED]
Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
D-Link DWL-900AP+ B1 version 2.1 and 2.2
ALLOY GL-2422AP-S
EUSSO GL2422-AP
LINKSYS WAP11-V2.2
The D-Link DWL-900AP+ B1
Erik Parker wrote:
Discovered by: HD Moore
Products Tested: Netscreen-25 (All models expected to be vulnerable)
Vendor contacted: October 23rd
Vendor confirmed: October 23rd
CVE: CVE-2001-0144 covered this bug.
4.0.0r6 is now out ( must have been in the last 24 Hrs), it claims to
address